Grant the AD RMS Service Group Permission to the SSL Certificate

Updated: February 15, 2011

Applies To: Windows Server 2012

After enrolling the cluster with the Microsoft Federation Gateway or updating the token decryption certificate, you must grant the AD RMS Services group permission to access the token decryption certificate on all servers in the cluster.

Membership in the local
Administrators
group, or equivalent, is the minimum required to complete this procedure.

To grant permission to the AD RMS Services group for the SSL certificate